Internet of Things Policy

Version 1.4

For Students, Faculty, Staff, Guests, Alumni

Purpose

The purpose of this policy is to ensure the confidentiality, integrity, and availability of the University’s IT Resources by regulating the use of Internet of Things (IoT) devices and connecting them to the appropriate University network. 

Scope

This IT policy, and all policies referenced herein, shall apply to all members of the University community, including faculty, students, administrators, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Policy Statement

  • In support of University functions, the Faculty/Staff must make an official request to use an IoT device or collection of devices specified in the Internet of Things for Faculty/Staff Networks procedure
  • All other Users must request IoT device connections per the  Internet of Things for Public Networks procedures. 
  • The University has classified the IoT networks into the following groups: 
    • Administrative/Restricted (i.e., University-owned and managed devices, contracted services), 
    • Building management systems (e.g., specialized instruments, HVAC, elevators), 
    • Community devices owned and operated by faculty or staff (e.g., televisions, Apple TV®, Chromecast™), or
    • Student-owned devices on the public network. 
  • Faculty/Staff IoT device requests must be reviewed and connected to the appropriate network as deemed necessary by Information Security and Assurance and DevOps Infrastructure Services
    • IoT devices must only be connected to a segregated and controlled network segment. 
    • IoT networks must be monitored to identify abnormal traffic and emergent threats. 
  • IoT devices should have a process for updating software and hardware firmware as stated in the Vulnerability Management Policy, as applicable. 

Definitions

IT Resources include computing, networking, communications, application, telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and related materials and services.

The Internet of Things are physical objects (e.g., vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators) that communicate, sense, or interact with their internal states or the external environment via network connectivity.

Related Policies and Procedures

Implementation Information

Review Frequency Annual
Responsible Person Senior Director of IT Security and Assurance 
Approved By CISO
Approval Date 09/12/2018

Revision History

Version
Date
Description
1.0
09/12/2018
Initial document
1.1
01/05/2020
Updated policy statement
1.2 10/06/2020 Updated purpose and policy statement 
1.3 10/13/2021 Updated policy statement
1.4 11/20/2023 Updated policy statement, scope, and disclaimer

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by Information Security and Assurance (ISA) will only be considered cooperatively between ISA and the requesting entity with sufficient notice to allow for conducting appropriate risk analysis, documentation, review, and notification to authorized University representatives where necessary. Failure to adhere to ISA written policies may be met with University sanctions up to and including dismissal. 

Need Help?


Walk-In Centers

McShane Center 266 | RH
Leon Lowenstein SL18 | LC

View Our Walk-In Hours